http://www.singcert.org.sg/index.php?optio...3&Itemid=30

[singCERT] Security Alert on Conficker.C
Monday, 30 March 2009

[ Summary ]

SingCERT is aware of a new variant of the Conficker (also known as Downadup or Downad) worm, dubbed as Conficker.B++ or Conficker.C by the various anti-virus vendors. This variant contains logic that will become active on April 1, 2009. The exact nature of the activity that will occur on that day is not known at this time. It is known that the malware will begin querying domains for new instructions/payload, as it has done in the past. The new variant is reported to connect back to 500 random remote servers out of a possible pool of 50,000 servers that is generated randomly on a daily basis.

The worm has evolved from exploiting vulnerabilities described in the Microsoft Security Bulletin MS08-067 to propagation by exploiting portable storage media leveraging on Autorun functionality and brute-forcing passwords of shared network resources.

Companies are advised to be on the alert for abnormal network activities or spikes in the various system parameters that may suggest Conficker infection. Please contact SingCERT if you need assistance.

[ Solutions/Workaround ]

1. Apply the necessary security patches for the Windows operating system as soon as possible. Patches are available from the vendor to address the exploited vulnerabilities.
   http://www.microsoft.com/technet/security/...n/MS08-067.mspx

2. Keep anti-virus signatures updated. Virus signatures are available from the major anti-virus vendors to detect this new variant.

3. Enforce strong password policy. Organisations are advised to review their password policies, in particular to enforce policies for strong password for shared network resources to minimise the possibility of the malware spreading through shared resources.

4. As the Conficker worm can also spread through portable devices (e.g. thumbdrives), organisations are advised that while disabling the autorun feature may result in some inconvenience for users, it can help to reduce the risk of infection.
   http://www.microsoft.com/technet/security/...e=2009-%2002-24

5. If a Conficker infection is suspected, the infected system should be removed from the network. Major anti-virus vendors and Microsoft have released several free tools that can verify the presence of a Conficker infection and remove the worm. Instructions for manually removing a Conficker infection from a system have been published by Microsoft in http://support.microsoft.com/kb/962007.

[ Reference ]

http://www.microsoft.com/technet/security/...n/MS08-067.mspx
http://www.microsoft.com/technet/security/...e=2009-%2002-24
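
One way to watch for the "abnormal network activities" the Summary mentions, given that an infected host is reported to try about 500 generated names a day: count distinct names per client per day in resolver logs and flag clients where most of them fail to resolve. This is an added example, not part of the SingCERT advisory; the log line format, the thresholds, the function names and the sample data are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

def parse(line):
    """Parse one constructed log line: '<date> <client_ip> <qname> <rcode>'."""
    day, client, qname, rcode = line.split()
    return day, client, qname.lower().rstrip("."), rcode

def flag_hosts(lines, min_domains=200, min_nx_ratio=0.8):
    """Return {(day, client): (distinct_names, nx_ratio)} for clients over both
    thresholds. Both default thresholds are assumptions to tune per network."""
    seen = defaultdict(set)   # (day, client) -> distinct names queried
    nx = defaultdict(set)     # (day, client) -> distinct names answered NXDOMAIN
    for line in lines:
        try:
            day, client, qname, rcode = parse(line)
        except ValueError:
            continue          # skip blank or malformed lines instead of aborting
        seen[(day, client)].add(qname)
        if rcode == "NXDOMAIN":
            nx[(day, client)].add(qname)
    flagged = {}
    for key, names in seen.items():
        ratio = len(nx[key]) / len(names)
        if len(names) >= min_domains and ratio >= min_nx_ratio:
            flagged[key] = (len(names), round(ratio, 2))
    return flagged

def sample_log():
    """Constructed sample data: one noisy client (500 names) and one ordinary one.
    The random-looking labels are hash prefixes, not the worm's real domains."""
    lines = []
    for i in range(500):
        label = hashlib.sha256(f"sample-{i}".encode()).hexdigest()[:10]
        rcode = "NOERROR" if i % 50 == 0 else "NXDOMAIN"   # 10 of 500 resolve
        lines.append(f"2009-04-01 10.0.0.23 {label}.example {rcode}")
    for name in ("intranet.example", "mail.example", "updates.example"):
        lines += [f"2009-04-01 10.0.0.7 {name} NOERROR"] * 40
    return lines

if __name__ == "__main__":
    for (day, client), (count, ratio) in flag_hosts(sample_log()).items():
        print(day, client, count, ratio)
```

Counting distinct names rather than raw queries keeps a busy but ordinary client (many repeats of a few names) from being flagged.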